An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*" ] }